Digistump Forums

The Digispark => Digispark Projects => Topic started by: seattleandrew on March 18, 2013, 07:44:54 pm

Title: DigiBruteDroid - Brute Force Android PINs!
Post by: seattleandrew on March 18, 2013, 07:44:54 pm

Hey guys, just wanted to share some quick security research I did over the weekend. If you have an Android device that supports USB OTG, I quickly whipped up some code for the DigiSpark that will enter 4-Digit PINS in quick succession (even accounting for 30 second PIN fail delays). Take a look at my video (https://www.youtube.com/watch?v=Weyvg3E7kEc) demonstrating the tool or download the code from GitHub (https://github.com/seattleandrew/DigiBruteDroid).


Some Future ideas (feel free to contribute to the GitHub (https://github.com/seattleandrew/DigiBruteDroid) code as well):

• [size=78%]include a color/light sensor to detect when the PIN succeeds[/size]
• [size=78%]add a button to replay the successful PIN[/size][size=78%]. [/size]
• [size=78%]expand the code to support PINs larger than 4 digits in length[/size]
• [size=78%]add a section to upload an array of passcodes (dictionary attack)[/size]
• [size=78%]Support rainbow tables (unlikely to support brute forcing passcodes since the entropy would make it take forever to solve).[/size]